
232 matches found

OSV
added 2025/08/11 1:54 p.m., 4 views

BIT-LIBPHP-2024-4577 Argument Injection in PHP-CGI

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in the command line given to Win32 API functions. PHP CGI module may...

CVSS 9.8, AI score 7.5, EPSS 0.99987
Exploits: 64, References: 24

OSV
added 2025/08/11 1:54 p.m., 2 views

BIT-LIBPHP-2024-11233 Single byte overread with convert.quoted-printable-decode filter

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, due to an error in the convert.quoted-printable-decode filter, certain data can lead to a buffer overread by one byte, which can in certain circumstances lead to crashes or disclose content of other memory areas...

CVSS 8.2, AI score 7.3, EPSS 0.01586
Exploits: 1, References: 4

NVD
added 2025/08/08 7:15 p.m., 4 views

CVE-2012-10047

Cyclope Employee Surveillance Solution versions 6.x are vulnerable to a SQL injection flaw in its login mechanism. The username parameter in the auth-login POST request is not properly sanitized, allowing attackers to inject arbitrary SQL statements. This can be leveraged to write and execute a...

CVSS 10, EPSS 0.00865
Exploits: 0, References: 5

AstraLinux
added 2025/06/16 11:28 a.m., 5 views

Astra Linux – Vulnerability in PHP 8.2

In PHP versions starting from 8.1.* up to 8.1.32, and from 8.2.* up to 8.2.28, as well as in versions starting from 8.3.* up to 8.3.19, and from 8.4.* up to 8.4.5, when the HTTP request module parses HTTP responses received from servers, folded headers are parsed incorrectly. This may lead to...

CVSS 6.3, AI score 6.3, EPSS 0.00496
Exploits: 1, References: 3

Metasploit
added 2025/05/29 6:52 p.m., 87 views

PHP Exec, PHP Command Shell, Bind TCP (via perl) IPv6

Execute a PHP payload from a command. Listen for a connection and spawn a command shell via perl persistent over IPv6 Module Options msf use payload/cmd/unix/php/bindperlipv6 msf payloadbindperlipv6 show actions ...actions... msf payloadbindperlipv6 set ACTION msf payloadbindperlipv6 show options...

AI score 5.8
Exploits: 0

RedhatCVE
added 2025/05/22 6:57 p.m., 5 views

CVE-2021-20076

Tenable.sc and Tenable.sc Core versions 5.13.0 through 5.17.0 were found to contain a vulnerability that could allow an authenticated, unprivileged user to perform Remote Code Execution (RCE) on the Tenable.sc server via Hypertext Preprocessor unserialization...

CVSS 8.8, AI score 7.8, EPSS 0.01985
Exploits: 0, References: 1

Patchstack
added 2025/05/21 10:37 a.m., 3 views

WordPress Pet World theme <= 2.8 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) in WordPress Theme Pet World versions <= 2.8...

CVSS 8.8, AI score 7.2, EPSS 0.00473
Exploits: 0, Affected Software: 1

BDU FSTEC
added 2025/05/20 12:0 a.m., 2 views

The vulnerability of the PHP programming language interpreter, related to deficiencies in handling HTTP request headers, allows attackers to send hidden HTTP requests (HTTP Request Smuggling attack).

The vulnerability of the PHP programming language interpreter is related to deficiencies in the processing of HTTP request headers. Exploiting this vulnerability allows a malicious actor to send hidden HTTP requests (a type of HTTP Request Smuggling attack)...

CVSS 5, AI score 6.4, EPSS 0.00436
Exploits: 0, References: 11, Affected Software: 3

RedHat Linux
added 2025/05/13 1:59 p.m., 29 views

php: Stream HTTP wrapper truncates redirect location to 1024 bytes

A flaw was found in PHP. This vulnerability allows incorrect URL truncation and redirection to the wrong location via HTTP redirect handling due to a limited location buffer size...

CVSS 9.8, AI score 5.9, EPSS 0.00744
Exploits: 0, References: 5

CNNVD
added 2025/04/24 12:0 a.m., 1 view

WordPress plugin License For Envato security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 7.5, AI score 7.8, EPSS 0.00611
Exploits: 0, References: 1

Positive Technologies
added 2025/04/16 12:0 a.m., 8 views

PT-2025-16621 · WordPress · Wpfactory Custom Css

Name of the Vulnerable Software and Affected Versions: WPFactory Custom CSS, JS & PHP versions n/a through 2.4.1. Description: A Cross-Site Request Forgery (CSRF) issue allows Remote Code Inclusion. This is a critical issue that can be exploited remotely. Recommendations: For versions n/a through...

CVSS 9.6, AI score 9.7, EPSS 0.00288
Exploits: 1, References: 4

ATTACKERKB
added 2025/04/14 7:15 p.m., 4 views

CVE-2025-1782

In HylaFAX Enterprise Web Interface and AvantFAX, the language form element is not properly sanitized before being used and can be misused to include an arbitrary file in the PHP code allowing an attacker to do anything as the web server user. This flaw requires the attacker to be authenticated...

CVSS 9.9, AI score 6, EPSS 0.00456
Exploits: 0, References: 2, Affected Software: 2

Positive Technologies
added 2025/04/11 12:0 a.m., 3 views

PT-2025-16085

Name of the Vulnerable Software and Affected Versions: EventON versions prior to 2.3.2 EventON version 2.3.2 Description: The issue is related to improper control of filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion', which allows PHP Local File...

CVSS 8.8, AI score 7.3, EPSS 0.01728
Exploits: 0, References: 8

BDU FSTEC
added 2025/03/17 12:0 a.m., 2 views

Vulnerability in the UpdraftPlus: WP Backup & Migration plugin for the WordPress content management system that allows attackers to inject a PHP object into the system.

The vulnerability in the UpdraftPlus: WP Backup & Migration plugin for the WordPress content management system is due to shortcomings in the deserialization mechanism. Exploiting this vulnerability allows an attacker to inject a PHP object remotely...

CVSS 10, AI score 7.8, EPSS 0.007
Exploits: 0, References: 4, Affected Software: 1

CNNVD
added 2025/02/05 12:0 a.m., 2 views

PHP Parser security vulnerability

PHP Parser is a PHP parser written in PHP by Nikita Popov, an individual developer. A security vulnerability exists in PHP Parser version v3.2.1, which stems from the lib.combine function containing a prototype pollution vulnerability...

CVSS 7.5, AI score 6.9, EPSS 0.00409
Exploits: 0, References: 1

CNNVD
added 2024/12/04 12:0 a.m., 2 views

WordPress plugin Funnelforms Free security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A security vulnerability...

CVSS 8.8, AI score 8.5, EPSS 0.00605
Exploits: 0, References: 2

BDU FSTEC
added 2024/12/02 12:0 a.m., 2 views

The vulnerability of the ldap_escape() function in the PHP programming language allows a hacker to trigger a service failure.

The vulnerability of the ldap_escape() function in the PHP programming language is related to the escape operation going beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a malicious actor to cause service failures remotely...

CVSS 10, AI score 6.2, EPSS 0.01259
Exploits: 0, References: 10, Affected Software: 3

OSV
added 2024/11/22 6:15 a.m., 1 view

DEBIAN-CVE-2024-8932

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to the ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write...

CVSS 9.8, AI score 5.8, EPSS 0.01259
Exploits: 0, References: 1

Patchstack
added 2024/11/15 8:51 a.m., 3 views

WordPress NIX Anti-Spam Light plugin <= 0.0.4 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by LVT-tholv2k (Patchstack Alliance) in WordPress Plugin NIX Anti-Spam Light versions <= 0.0.4...

CVSS 9.8, AI score 7.3, EPSS 0.00513
Exploits: 0, Affected Software: 1

CNNVD
added 2024/11/06 12:0 a.m., 3 views

Symfony injection vulnerability

Symfony is a PHP framework for web and console applications and a set of reusable PHP components from Symfony. Symfony suffers from an injection vulnerability that stems from allowing the separation of a PHP application from its global state...

CVSS 7.3, AI score 7.5, EPSS 0.63422
Exploits: 0, References: 3